6

我有一个使用 Prism 4 的 WPF 桌面应用程序,在我的引导程序中我有以下代码:

protected override IModuleCatalog CreateModuleCatalog()
{
   var filepath = Assembly.GetExecutingAssembly().Location;
   var path = Path.GetDirectoryName(filepath);
   System.IO.Directory.SetCurrentDirectory(path);
   path = Path.Combine(path, "Modules");
   var moduleCatalog = new DirectoryModuleCatalog() { ModulePath = path };
   return moduleCatalog;
}

上面的代码告诉 prism 从“[my app root]\Modules”路径加载所有 .dll,并检查它们是否有任何类实现了 IModule。我想要做的是将加载过程限制为仅使用特定签名密钥签名的 DLL,以防止任何开发人员在我的应用程序中注入它的模块。如果我为此类问题走错了路,请提出建议。

4

2 回答 2

3

You are on the right path, however, you need to go a little further. The DirectoryModuleCatalog is designed to load any types in the specified directory that implement the IModule interface, as you have seen. If you want to limit the modules that are loaded further (for example, to assemblies signed with a specific key), you need to create a custom module catalog (likely derived from DirectoryModuleCatalog), and override the Initialize method. Initialize is where the module catalog will examine the directory and load a collection of ModuleInfo objects that contain the information about any modules in the directory. By overriding this method, you can examine the assemblies in the directory and only load modules from assemblies with the proper signature. In the Initialize method, you would populate the Modules property with ModuleInfos of Modules contained in valid assemblies.

Then, in the above code, rather than creating a new DirectoryModuleCatalog(), you would create your custom module catalog.

Please note, depending on how you check the signature of the assembly, you may be loading the assembly into memory (even if you don't make any modules available in the catalog). If this is the case, you may want to verify the assemblies in a separate AppDomain which can then be unloaded (therefore unloading the unsigned assemblies from memory).

于 2012-06-19T01:02:36.850 回答
0

我创建了这个自定义 DirectoryModuleCatalog,您可以在其中指定包含/排除集。

于 2013-10-24T07:50:23.830 回答